Identity protection firm Aura has disclosed details of a phishing attack after the company was listed as a victim of the ShinyHunters cyber extortion group earlier this month.
“Aura is aware of an incident where one of our employees was the victim of a targeted phone phishing attack,” the company said this week.
“We identified that an unauthorised third party gained access to that employee’s account for approximately one hour. Upon discovery, Aura immediately terminated access to the account and activated its incident response plan, engaged external cyber security and legal experts, and notified law enforcement.”
Despite the short amount of time the threat actor was present in the network, the result was catastrophic, with almost 1 million customer records compromised.
“At this time, we can confirm that the unauthorised party was able to access approximately 900,000 records, the vast majority of which consist of names and email addresses from a marketing tool used by a company Aura acquired in 2021,” Aura said.
Aura currently believes that fewer than 20,000 active customers have been impacted, and less than 15,000 former customers.
“No Social Security numbers, passwords, or financial information were compromised,” the company said.
Details of the incident were listed by the ShinyHunters group on its darknet leak site this week, with the hackers claiming to have stolen 12 gigabytes of data, which has since been published online.
“Over 900k records containing PII and other internal corporate data have been compromised,” ShinyHunters said in its leak post.
“The company failed to reach an agreement with us despite all the chances and offers we made. They don’t care.”
Since late last year, ShinyHunters has been targeting a raft of companies via their Salesforce instances, stealing data and extorting victims before publishing it on its leak sites.
Music streaming service SoundCloud was one of the first victims of the latest campaign, with companies such as Crunchbase, Bumble, and Harvard University also listed among the group’s 20 victims.
Salesforce released advice for customers wishing to secure their systems this week – you can read this essential information here.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.